AdonisJS v6 is here. Learn more in our release blog post.

Basic auth

The basic auth guard uses the HTTP basic authentication for authenticating the requests.

There is no concept of explicit login and logout with basic auth. The credentials for authentication are sent on every request and you can validate them using the auth.authenticate method.

  • If the user credentials are incorrect, then the auth package will deny the request with WWW-Authenticate header.
  • If the credentials are correct, then you will be able to access the logged in user details.

The basic auth guard relies on the underlying user provider to lookup and validate the user credentials

import Route from '@ioc:Adonis/Core/Route'
Route
.get('posts', async ({ auth }) => {
await auth.use('basic').authenticate()
return `You are logged in as ${auth.user!.email}`
})

You can also make use of the auth middleware to guard routes using the basic auth guard.

import Route from '@ioc:Adonis/Core/Route'
Route
.get('posts', async ({ auth }) => {
return `You are logged in as ${auth.user!.email}`
})
.middleware('auth', { guards: ['basic'] })